CH1 1-10 Matching
65 Questions

Questions and Answers

Match each Google search operator with its correct description:

site: = Finds pages with specific text in the title.
inurl: = Finds pages that link to a specific site or URL.
filetype: = Restricts search to a specific domain.
intitle: = Finds pages with specific text in the URL.

Match each Google search operator to its example usage:

link: = filetype:xls
cache: = cache:www.eff.org
inurl: = inurl:/administrator/index.php
site: = intitle:vitae

Match the Google search operators with their primary function:

filetype: = Finds cached copies of Google's results.
cache: = Finds pages with specific file types.
link: = Finds pages that link to a specific site or URL.
intitle: = Restricts search to a specific domain.

Match the description of the Google search operators with the appropriate operator:

intitle: = Finds pages with specific file types.
inurl: = Restricts search to a specific domain.
site: = Finds pages with specific text in the title.
filetype: = Finds pages with specific text in the URL.

Match the combination of Google search operators with a possible outcome:

cache: = Understanding adversary activity.
link: = Researching security industry trends.
site: = Identifying vulnerabilities.
inurl: = Gathering threat intelligence.

Match the Google search technique with its purpose:

site: intitle:"index of" "parent directory" = Find vulnerable server directories with index listings
cached: = Access a saved version of the webpage without direct connection
Boolean logic = Refine searches using logical operators
keyword order = Prioritize terms in search results

Match the following Internet Registries (RIRs) with their geographic area:

ARIN = North America
RIPE NCC = Europe, the Middle East, and parts of Central Asia
APNIC = Asia and Pacific region
LACNIC = Latin America and Caribbean

Match the configuration issue with its description:

Directory listing present = Misconfigured server exposing file lists
Cached page = Stored version of a webpage for viewing
Non-profit corporations = Organizations that manage global domain name registration
IP address conflicts = Issues arising from non-unique IP addresses

Match the term to its definition:

RIR = Regional body managing IP address assignments
Google cache = Preserved version of a webpage for offline inspection
Parent directory = Higher-level directory containing files
Index of = Listing of files in a directory displayed on a web server

Match the vulnerability type with its identifier:

Web server misconfiguration = Allowing directory listings
Search operator enhancement = Using specific terms to improve search precision
Directory traversal = Accessing unintended files on a server
IP address delegation = Assigning blocks of addresses to organizations

Match the type of data with its characteristic:

Closed source data = Collected covertly or from privileged access
Open source data = Publicly available information
Internal network data = Threat data from the organization's network
Classified data = Data restricted by legal and access controls

Match the term with its related benefit:

Using multiple sources = Reduces confirmation bias
Establishing a baseline = Identifies emerging threats
Corroborating data = Supports hypotheses with diverse evidence
Closed source data quality = Generally higher than open source data

Match the internal threat data source with its example:

Network events = Activity logs from the network
DNS logs = Records of domain name system queries
Firewall logs = Data on blocked and allowed traffic
VPN logs = Information on virtual private network connections

Match the type of threat data with its usage:

External data feeds = Sometimes undervalued compared to internal data
Internal threat data = Enables quicker detection of malicious activity
Privileged access data = May be sensitive and require careful handling
Closed-source intelligence = Used with caution due to potential legal implications

Match the concept with its relevance in intelligence analysis:

Confirmation bias = Tendency to interpret information to validate beliefs
Hypothesis support = Need for corroboration with diverse data sources
Threat detection = Utilizes a combination of different data types
Legal stipulations = Governing the handling of classified data

Match the following DNS tools with their primary purpose:

nslookup = Troubleshooting DNS issues
host = Domain name to IP resolution
dig = Detailed DNS information retrieval
whois = Domain ownership information

Match the following DNS concepts with their definitions:

Zone transfer = Replicating DNS server data
DNS poisoning = Malicious manipulation of DNS data
Access Control Lists (ACLs) = Regulating access to DNS data
DNS spoofing = Redirecting users to false websites

Match the following Geographic Regions with their corresponding Registries:

Africa and portions of the Indian Ocean = AFRINIC
Portions of Asia and portions of Oceania = APNIC
Canada, Caribbean, and North Atlantic Islands = ARIN
Europe, Middle East, and Central Asia = RIPE NCC

Match the following types of DNS threats with their descriptions:

DNS harvesting = Gathering network information
Man-in-the-middle attack = Interception of network traffic
DDoS attack = Overwhelming a server with traffic
Phishing = Deceptive attempt to obtain sensitive information

Match the following URL components with their respective roles:

Domain name = Human-readable address
IP address = Numeric identifier for a device
Protocol = Method of data transfer
Port number = Endpoint for network connections

Match the social media platforms with their primary attributes:

Twitter = Rapid news dissemination during emergencies
Reddit = Community-driven discussions and forums
Facebook = Personal information sharing and social networking
Instagram = Visual content sharing and lifestyle branding

Match the types of attacks with their descriptions:

Phishing = Manipulating individuals into sharing sensitive information
Social engineering = Exploiting human psychology to breach security
Cyberattack = Targeting systems for unauthorized access
OSINT = Gathering publicly available information for intelligence

Match the roles involved in social engineering and security training:

Employees = Targets for attackers due to lack of training
Attackers = Individuals leveraging deception to extract information
Instructors = Trainers who teach offensive cyber techniques
Organizations = Entities that authorize and facilitate training exercises

Match the elements of OSINT with their significance:

Gathering = Collecting data from open sources
Authorization = Permission to conduct aggressive training
Aggressor role = Simulating realistic offensive strategies
Superficial collection = Initial data gathering before deeper analysis

Match the characteristics of social media threats with their impact:

Targeted advertising = Utilizing personal data for consumer marketing
Emergency news spread = Facilitating rapid information flow regarding crises
Cyber profiling = Creating detailed profiles based on user behavior
System compromise = Resulting from successful phishing attacks

Match the types of intelligence with their correct descriptions:

SIGINT = Intelligence-gathering through intercepts of electronic transmissions
HUMINT = Intelligence derived from human sources using various methods
MASINT = Intelligence produced from non-imagery data
GEOINT = Analysis of imagery and geospatial data relevant to security

Match the following sources of intelligence with their primary characteristics:

OSINT = Free data from public sources such as news and libraries
Government intelligence = Relies on classified resources and programs
Commercial threat intelligence = Provides industry-specific threat data
Social media monitoring = Utilizes digital platforms for gathering information

Match the intelligence disciplines with their primary focus:

SIGINT = Intercepting and analyzing electronic communications
HUMINT = Gathering information from human interactions
MASINT = Focusing on measurements and signatures from non-imagery
GEOINT = Studying the spatial aspects of intelligence data

Match the methods of intelligence gathering with their descriptions:

Open Source Intelligence (OSINT) = Utilizes public data for intelligence questions
Classified methods = Methods often unavailable to non-government entities
Commercial intelligence = Gathers data from commercially available sources
Social media intelligence = Collects data from user-generated online content

Match the intelligence concept with its definition:

All Source = Derived from all available information sources
SIGINT = Signals intelligence involving intercepts
HUMINT = Intelligence from human communications
MASINT = Utilizes non-traditional data for intelligence analysis

Match the types of intelligence with relevant sectors:

OSINT = Used by journalists and researchers
SIGINT = Employed by military operations
HUMINT = Used in espionage and covert operations
GEOINT = Important for environmental and geographic studies

Match the intelligence gathering challenge with the appropriate solution:

Limited government resources = Use commercial intelligence providers
Unauthorized disclosure risk = Implement protective measures for operations
Accessibility of public data = Utilize efficient data retrieval tools
Lack of historical data = Leverage OSINT for existing information

Match the type of intelligence collection with its operational context:

GEOINT = Used in military planning and operations
MASINT = Applicable in advanced technology analysis
HUMINT = Involves undercover agents and informants
SIGINT = Utilizes satellites and interception technologies

Match the following concepts with their descriptions:

Threat Data = Information about potential malicious activity
Threat Intelligence = Actionable knowledge on adversaries
Indicators of Compromise = Evidence that an intrusion has occurred
Information Sharing Best Practices = Guidelines to effectively share threat insights

Match the following individuals with their contributions to threat intelligence:

Sun Tzu = Philosopher known for strategies in conflict
Sergio Caltagirone = Coauthor of 'The Diamond Model of Intrusion Analysis'
Adversaries = Actors exploring weaknesses in networks
Analysts = Professionals who interpret threat data

Match the following components of threat intelligence with their roles:

Weaknesses = Vulnerabilities within the network
Network Activity = The operations and events occurring within a network
Decision-Makers = Individuals who make informed security choices based on intelligence
Response Time = Speed at which operators act upon a detected threat

Match the following benefits of threat intelligence with their outcomes:

Increased Cost to Adversaries = Deterrence against future attacks
Improved Operator Response Time = Swift action against detected threats
Reduced Recovery Time = Quicker restoration of services post-incident
Greater Agility = Enhanced adaptability to changing threat landscapes

Match the following definitions with their respective terms:

Cyber Threat Intelligence = Knowledge insight enabling better security decision-making
Intelligence Cycle = Process of collecting and analyzing threat data
Malicious Actors = Individuals or groups conducting harmful activities
Effective Threat Program = A comprehensive approach to managing cyber threats

Match the following practices with their relevance to threat intelligence:

Contextual Analysis = Placing data in a relevant security framework
Network Mapping = Understanding the layout and weaknesses of organizational networks
Incident Response = Actions taken after a security breach
Threat Modeling = Identifying and prioritizing potential threats to the organization

Match the following types of contacts with their respective details:

Registrant Contact = Email: [email protected]
Admin Contact = Phone: +1.6506234000
Tech Contact = Mailing Address: 2400 E. Bayshore Pkwy, Mountain View CA 94043 US

Match the following threats with their sources:

Internal Threats = Insider risks from employees
External Threats = Attackers from outside the organization
Sophisticated Threat Actors = Advanced persistent threats
Emerging Threats = Newly identified vulnerabilities and attack vectors

Match the following WHOIS report details with their descriptions:

Name = Contact information for the domain registrant
Telephone = Phone number for communication
Mailing Address = Location of the entity associated with the domain
Email = Electronic contact method for the registrant

Match the following terms with their definitions related to attackers' methods:

Email Harvesting = Automated collection of email addresses from various sources
Phishing Attempts = Targeted attempts to deceive individuals into providing sensitive information
Incident Responders = Individuals who specialize in managing security breaches
Private Registration Services = Hiding registrant information in WHOIS records

Match the following terms with their implications in threat intelligence:

Actionable Knowledge = Information that leads to specific security actions
Threat Landscape = The overall environment in which threats can emerge
Malicious Activities = Actions taken by adversaries to compromise systems
Security Decision-Making = The process of choosing protective measures based on intelligence

Match the following social media actions with their potential outcomes:

Analyzing Information = Learning an individual's routines and habits
Sending Phishing Forms = Attempting to deceive users for sensitive data
Targeted Attacks = Conducting attacks based on tailored information
Misleading Messages = Spreading false information to manipulate victims

Match the following contact methods with their respective contacts:

Registrant Contact = Fax: +1.6506188571
Admin Contact = Email: [email protected]
Tech Contact = Fax: +1.6506181499

Match the following roles with their relevance in cybersecurity:

Network Engineers = Utilize WHOIS for network management
Spammers = Exploit personal data for unsolicited communications
Identity Thieves = Steal personal information for fraudulent activities
Attackers = Use social engineering to manipulate targets

Match the following methods to their descriptions in targeted attacks:

Phishing = Deceptive emails aimed at acquiring sensitive data
Automated Data Collection = Using bots to compile user information
Social Engineering = Manipulating individuals into revealing information
Email Address Targeting = Identifying individuals linked by email for attacks

Match the following entities with their respective characteristics:

Google Inc. = Provides WHOIS information
Social Media Platforms = Sources of personal data for attackers
Employment Service Sites = Collect user data for job matching
ICANN = Manages domain registrations and WHOIS queries

Match the characteristics of good threat intelligence with their descriptions:

Timeliness = Most useful when delivered promptly
Relevancy = Reflects the intricacies of an organization
Accuracy = Crucial for effective decision-making
Clear Actions = Provides recommended responses to threats

Match the attribute of intelligence with its importance:

Timeliness = Inversely proportional to noise generation
Relevancy = Varies based on operational levels
Accuracy = Critical within timely context
Clear Language = Describes threats in understandable terms

Match the types of organizations with their specific intelligence needs:

Manufacturing = Needs intelligence specific to manufacturing networks
Retail = Requires data relevant to consumer behavior threats
Finance = Demands intelligence on monetary fraud risks
Healthcare = Looks for intelligence regarding patient data breaches

Match the aspects of effective threat intelligence with their outcomes:

Timeliness = Improves decision-making capability
Relevancy = Enhances targeted operational responses
Accuracy = Reduces rate of intelligence failure
Clear Language = Helps in understanding risks by non-experts

Match the type of intelligence with its characteristic:

Internal Network Data = Most relevant due to specific context
Generic Intelligence = Not helpful for specific environments
Late Intelligence = Often deemed useless by decision makers
Accurate Intelligence = Facilitates effective operational planning

Match the term used in intelligence with its definition:

Timeliness = The aspect of intelligence relating to its delivery speed
Relevancy = The fittingness of intelligence to its audience
Accuracy = The correctness of the information provided
Clear Actions = Specific recommendations for handling threats

Match the description of intelligence with its potential issue:

Untimely Intelligence = Can lead to outdated decision-making
Irrelevant Intelligence = Creates noise and confusion for analysts
Inaccurate Intelligence = May result in poor operational responses
Ambiguous Descriptions = Hinders clear understanding of threats

Match the component of well-prepared intelligence with its focus:

Audience Consideration = Tailoring intelligence for specific users
Specific Context = Understanding organizational complexities
Timely Delivery = Ensuring information aligns with current needs
Clear Recommendations = Promoting actionable strategies against threats

Match the Traffic Light Protocol colors with their descriptions:

TLP:RED = Unlimited disclosure
TLP:AMBER = Not for disclosure, restricted to participants only
TLP:GREEN = Limited disclosure, restricted to the community
TLP:WHITE = Limited disclosure, restricted to participants' organizations

Match the Traffic Light Protocol colors with their sharing guidelines:

TLP:RED = Recipients may share information with peers and partners
TLP:AMBER = Recipients may share only within their organization
TLP:GREEN = Recipients may not share on publicly accessible channels
TLP:WHITE = Information may be distributed without restriction

Match the Traffic Light Protocol colors with when they are used:

TLP:RED = When information requires support to act upon
TLP:AMBER = When information poses minimal risk of misuse
TLP:GREEN = When information is beneficial for community awareness
TLP:WHITE = When information could lead to privacy impacts if misused

Match the Traffic Light Protocol colors with their primary constraints:

TLP:RED = Only shared verbally or in person
TLP:AMBER = Shared with clients/customers who need the information
TLP:GREEN = Not for public channels
TLP:WHITE = Subject to standard copyright rules

Match the Traffic Light Protocol colors with their appropriate usage scenarios:

TLP:RED = Sensitive operational information
TLP:AMBER = Internal organizational procedures
TLP:GREEN = Sector-wide alerts
TLP:WHITE = Public safety announcements

Match the Traffic Light Protocol colors with their intended audience:

TLP:RED = Participants of a private meeting
TLP:AMBER = Members of recipient organizations
TLP:GREEN = Broad community organizations
TLP:WHITE = General public

Match the Traffic Light Protocol colors with their risk levels:

TLP:RED = High risk of privacy impacts
TLP:AMBER = Moderate risk if disclosed
TLP:GREEN = Low risk of misuse
TLP:WHITE = Minimal or no foreseeable risk

Match the Traffic Light Protocol colors with how they are primarily communicated:

TLP:RED = Verbal or in-person only
TLP:AMBER = Within organizational emails
TLP:GREEN = Peer-to-peer communications
TLP:WHITE = Public forums and websites
